Amendments to the Claims

This listing of claims will replace all prior versions, and listings of claims in the application: 
Listing of Claims 

1. (Currently Amended) A method for implementing a security risk
assessment for a merchant entity having connectivity to a shared network, the method 
comprising: 

receiving at a host computer system including a processor, from each of a 
plurality of payment-processing organizations, a set of security requirements defining protocols 
for implementing commercial transactions over the shared network using instruments identified 
with the payment-processing organization; 

developing, with the processor at the host computer system, a security test scheme 
having a set of test requirements whose satisfaction by the merchant entity is sufficient to ensure 
compliance with the sets of security requirements defined by each of the plurality of payment- 
processing organizations; [[and]] 

performing a remote scan of a network site maintained by the merchant entity on 
the shared network in support of shared-network commercial transactions with a security 
compliance authority server by the host computer system, the remote scan implementing at least 
a subset of the set of test requirements to evaluate compliance by the merchant entity; and [[.]]

transmitting a questionnaire from the host computer system to the merchant entity 
with the security compliance authority server, the questionnaire including queries whose truthful 
response identifies a level of compliance with at least some of the test requirements. 

2. (Canceled) 

3. (Original) The method recited in claim 1 further comprising scheduling an 
on-site audit at the merchant entity with the security compliance authority server, the on-site 
audit being structured to follow a prescribed methodology for identifying a level of compliance 
with at least some of the test requirements.

4. (Original) The method recited in claim 1 wherein a satisfaction level of the
test requirements required for compliance with the test requirements is dependent on a 
characteristic of the merchant entity. 

5. (Original) The method recited in claim 4 wherein the characteristic 
comprises a shared-network transaction volume processed by the merchant entity over the shared 
network. 

6. (Original) The method recited in claim 1 wherein a frequency of 
performing the remote scan is dependent on a characteristic of the merchant entity. 

7. (Original) The method recited in claim 6 wherein the characteristic 
comprises a shared-network transaction volume processed by the merchant entity over the shared 
network. 

8. (Previously Presented) The method recited in claim 1 further comprising 
receiving information describing characteristics of the merchant entity from the merchant entity 
at the host computer system to limit parameters of the remote scan. 

9. (Previously Presented) The method recited in claim 1 further comprising 
generating a report at the host computer system summarizing a level of compliance by the 
merchant entity with the set of test requirements as determined from performing the remote scan. 

10. (Original) The method recited in claim 1 wherein the merchant entity
comprises an Internet merchant. 

11. (Original) The method recited in claim 1 wherein the merchant entity
comprises an Internet merchant gateway. 

12. (Currently Amended) A method for assessing a security risk for a 
merchant entity having connectivity to a shared network, the method comprising: 

receiving information, at a host computer system including a processor, 
describing characteristics of the merchant entity from the merchant entity;

determining at the host computer system using the processor which test
requirements of a security test scheme to use in assessing the security risk for the merchant 
entity, wherein the security test scheme includes a set of test requirements whose satisfaction by 
the merchant entity is sufficient to ensure compliance with a plurality of sets of security 
requirements defined by a plurality of payment-processing organizations; and 

executing the security test scheme with a security compliance authority server in 
accordance with the determined test requirements, wherein executing the security test scheme
comprises transmitting a questionnaire from the host computer system to the merchant entity
with the security compliance authority server, the questionnaire including queries whose truthful
response identifies a level of compliance with at least some of the test requirements.

13. (Original) The method recited in claim 12 wherein executing the security
test scheme comprises performing a remote scan of a network site maintained by the merchant 
entity on the shared network in support of shared-network commercial transactions with the 
security compliance authority server. 

14. (Original) The method recited in claim 12 wherein executing the security 
test scheme comprises scheduling an on-site audit at the merchant entity with the security 
compliance authority server, the on-site audit being structured to follow a prescribed 
methodology for identifying a level of compliance with at least some of the test requirements. 

15. (Canceled) 

16. (Original) The method recited in claim 12 wherein determining which test
requirements of the security test scheme to use in assessing the security risk for the merchant 
entity is dependent on a characteristic of the merchant entity. 

17. (Original) The method recited in claim 16 wherein the characteristic
comprises a shared-network transaction volume processed by the merchant entity over the shared 
network. 

18. (Previously Presented) The method recited in claim 12 further comprising 
generating a report at the host computer system summarizing a level of compliance by the 
merchant entity with the set of determined test requirements as evaluated from executing the
security test scheme. 

19. (Original) The method recited in claim 12 wherein the merchant entity
comprises an Internet merchant. 

20. (Original) The method recited in claim 12 wherein the merchant entity 
comprises an Internet merchant gateway. 

21. (Currently Amended) A non-transitory computer-readable storage medium
having a computer-readable program embodied therein for direction operation of a security 
compliance authority server including a communications system, a processor, and a storage 
device, wherein the computer-readable program includes instructions for operating the security 
compliance authority server to assess a security risk for an merchant entity having connectivity 
to a shared network in accordance with the following: 

receiving, with the communications system, information describing characteristics 
of the merchant entity; 

determining, with the processor, which test requirements of a security test scheme 
to use in assessing the security risk for the merchant entity, wherein the security test scheme is 
stored on the storage device and includes a set of test requirements whose satisfaction by the 
merchant entity is sufficient to ensure compliance with a plurality of sets of security 
requirements defined by a plurality of payment-processing organizations; and 

executing, with the processor, the security test scheme in accordance with the 
determined test requirements, wherein executing the security test scheme comprises transmitting
a questionnaire from the host computer system to the merchant entity with the security
compliance authority server, the questionnaire including queries whose truthful response
identifies a level of compliance with at least some of the test requirements.

22. (Original) The computer-readable storage medium recited in claim 21 
wherein the instructions for executing the security test scheme comprise instructions for 
performing a remote scan of a network site maintained by the merchant entity on the shared 
network in support of shared-network commercial transactions. 



Appl. No. 10/611,656 PATENT 
Amdt. dated September 7, 2010 
Reply to Office Action of June 8, 2010 

23. (Original) The computer-readable storage medium recited in claim 21
wherein the instructions for executing the security test scheme comprise instructions for 
scheduling an on-site audit at the merchant entity. 

24. (Canceled) 